Can Blockchain Fix Cybersecurity?

Maria Korolov, DataCenter Knowledge

The technology holds a lot of promise for security, but there’s still a long way to go before it sees serious enterprise adoption.

Blockchain is one of the biggest tech buzzwords of the last few years, and the technology is marketed as a cure for everything that ails you, including cybersecurity. In practice, at least as far as security is concerned, blockchain might actually cause more problems than it solves.

The basic idea behind blockchain is that you’ve got a list of items, or a ledger, that you’re sharing with your peers. A clever bit of encryption keeps you from changing the previous elements on that list, unless the majority of your peers sign off on the change.

It’s pitched as being better than having one trusted central party keep track of the list and make corrections when needed, because the trusted central party usually charges money for the service.

So, for example, banks can get together and move money from one to another without any centralized gatekeeper.

Security experts seem to agree that the technology has a lot of potential in their space.

One example is its potential to improve efficiency of key and certificate distribution, David Cook, CISO at Databricks, the San Francisco-based data analytics firm, told us. “I think there’s some business value to it,” Cook said.

The downside is that when there’s a problem with a transaction, instead of having that central entity step in and resolve the dispute and correct the ledger, you have to negotiate with everyone else in the system.

This happens a lot with cryptocurrencies, which are currently the biggest and best-known implementations of blockchain. And those implementations haven’t been without problems.

Besides hacks and reversibility issues, there are the practical problems of adapting business processes and technology platforms to blockchain.

“In my prior position, I ran operations for data centers, and based on the legacy code in the infrastructure, I would say we are far from actually implementing it,” Cook said.

As a result, data center operators haven’t yet started deploying blockchain technology to any noticeable degree, he said. “In my dealings with other CISOs, nobody is using it.”

Cook said he also wants to see major vendor support and mainstream acceptance before considering using blockchain. “I would probably wait until one of the bigger companies, like Google or Microsoft, starts to adopt this,” he said. “There are a lot of questions about this technology. On the surface, it seems super secure, but I do feel that it’s going to take a while to adopt based on what I see with my infrastructure.”

Another barrier to implementing blockchain is that it’s resource-intensive.

It takes work to do the calculations that guarantee the integrity of the data blocks in the blockchain.

“Blockchain is extremely intensive in terms of computing and power demands, cooling, and wear and tear,” Dave Klein, senior director of engineering and architecture at the Israeli security company GuardiCore, said.

“The blockchain platform has the promise of more transparency, increased security, and increased efficiency,” she said.

But even once the security and management challenges are addressed, adoption won’t be easy, since the frameworks are difficult to use, and different blockchain tools don’t work together. “The technology adoption is still far behind,” she said.